Jessica Herrera-Flanigan

Jessica Herrera-Flanigan Jessica R. Herrera-Flanigan is a partner at the Monument Policy Group, where she focuses on the issues affecting our nation’s security, technology, commerce, and entertainment markets. Previously, she served as the Staff Director and General Counsel of the House Committee on Homeland Security. She also has served as Senior Counsel at the Computer Crime & Intellectual Property Section, Criminal Division, U.S. Department of Justice, where she led the Section’s cybercrime investigation team. She was a Member of the CSIS Commission on Cyber Security and is a Member of the ABA Standing Committee on Law & National Security. She currently serves as the Fellow for Cybersecurity at the Center for National Policy.
Results 71-80 of 90

Facebook's Token Leak

May 12, 2011 FROM NEXTGOV arrow Reps. Edward Markey and Joe Barton, co-chairs of the House privacy caucus, sent a letter to Facebook on Wednesday regarding a privacy/security vulnerability discovered by Symantec and reported by the Wall Street Journal. Facebook's hundreds of thousands of applications have apparently been leaking "access tokens" to third parties. Access tokens...

Amazon Crash Lesson: Innovate but Verify

April 29, 2011 FROM NEXTGOV arrow While the federal government continues its efforts to expand into cloud and innovative technologies, the Amazon Elastic Compute Cloud (EC2) crash of last week reminds us of the need to "innovate but verify" as we move to the next realm of technologies. Today, Amazon issued a 5,700 word explanation of...

Where is the Security in Today's Executive Order?

April 27, 2011 FROM NEXTGOV arrow President Obama signed an Executive Order today -- Streamlining Service Delivery and Improving Customer Service -- which aims to improve the quality and efficiency of IT-related services provided by the government to the public. The order requires each agency to develop within 180 a customer service plan to address how...

Data Breach Reports Highlight Seriousness of Problem

April 19, 2011 FROM NEXTGOV arrow Today appears to be the day to release data breach reports. Major studies from three very different entities hit the presses today: Verizon's 2011 Data Breach Investigations, a study conducted by the Verizon RISK Team with cooperation from the U.S. Secret Service and the Dutch High Tech Crime Unit. Imperva...

Geolocating You: Good Advertising or Too Invasive?

April 15, 2011 FROM NEXTGOV arrow Yong Wang of Northwestern University presented an interesting paper at the USENIX Symposium on Networked Systems Design and Implementation (NSDI) earlier this month. It explains how to geographically locate an IP address with a median error of about a half-mile square without any cooperation from the client on that IP...

WordPress Hack Puts Government and Commercial Clients at Risk

April 13, 2011 FROM NEXTGOV arrow Continuing the trend in recent weeks of high-profile sites being attacked, the open source blog program WordPress announced that it was hacked on Wednesday and the hackers potentially made off with "anything." In a note posted on the WordPress webblog, founder Matt Mullenweg stated "Tough note to communicate today: Automattic...

Symantec Threat Activity Report: U.S. Tops the List

April 6, 2011 FROM NEXTGOV arrow This week Symantec Corporation released its Internet Security Threat Report, Volume 16, which shows that cyberthreats are "skyrocket[ing] in volume and sophistication" and that the U.S. was tops in almost all that is cyberbad. Specifically, the report found that the U.S. was No. 1 in the following categories for 2010:...

Epsilon: Exposing the Weakest Link

April 4, 2011 FROM NEXTGOV arrow For years, the buzz phrase in cybersecurity has been that a network is only as strong as its weakest link. In the last two days, I have received email alerts from six companies that I've shopped or otherwise done business with online telling me of a data breach and warning...

When Do People Care Who You Are Online?

April 1, 2011 FROM NEXTGOV arrow Ross Anderson, a professor of Security Engineering at Cambridge University, presented his paper "Can We Fix the Security Economics of Federated Authentication?" this week at the Nineteenth International Workshop on Security Protocols. In Anderson's own words: Using one service to authenticate the users of another is an old dream but...

BP Loses Laptop; Was Privacy Compromise Avoidable?

March 30, 2011 FROM NEXTGOV arrow BP is reporting that one of its employees lost a laptop containing the personal information of more than 13,000 people who filed compensation claims with the company in relation to the oil spill in the Gulf of Mexico. The laptop allegedly went missing on March 1, but the loss did...

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.